According to the 2020 edition of the IBM/Ponemon Institute Cost of a Data Breach Report, 80% of businesses polled report that customer personally identifiable information (PII) was compromised. At an average cost of $150 per record, this is the most costly data type in the report. But all data breaches are expensive, both in terms of lost data and in the hit to an organization’s brand reputation.
Numbers are hard to argue with, so we compiled the following seven statistics that show the power of having good data security plans in place in case your business is hit with a breach. Each entry includes the business impact and mitigation techniques you can employ to limit losses should the worst happen.
1. Malicious attackers cause 52% of data breaches.
This tells us two things: that there are bad actors out there who want the data you collect from your customers and that the other 48% of breaches are caused by some other factor. In fact, the IBM/Ponemon study referenced above also found that compromised credentials and cloud misconfiguration each account for 19% of all breaches. The takeaway here is that you must adopt a 360-degree perspective on your data. Take into account internal, external, malicious, and accidental vectors when developing your data security plans.
2. Hacking techniques are used in 45% of breaches.
In the 2020 edition of Verizon’s Data Breach Investigations Report (DBIR), they found that 45% of the breaches investigated involved an outside actor using methods loosely referred to in the report as hacking to gain entry. These malicious attacks can use methods ranging from automated credential stuffing to manual intrusion via a zero-day exploit and more.
The lesson here is that businesses need robust security measures that can quickly signal when an intrusion is occurring, so mitigating steps can be taken. Employing a robust Customer Identity and Access Management (CIAM) solution that includes Bot Detection, brute force protection, and other defensive features is a top recommendation for mitigating these attacks.
3. Reported cybersecurity breaches are up 300% since the beginning of the COVID-19 pandemic.
The Internet Crime Complaint Center, or IC3, is the department within the FBI that handles incoming cybercrime reports. IC3 has seen its daily number of complaints jump 300% since the beginning of the pandemic in early 2020. The business takeaway is that cybercrime is here to stay, and it’s incumbent on you to lay out the processes and procedures that will enable you to keep your customers’ data safe from this growing rate of attacks.
4. Lost business revenue alone accounts for nearly half of the financial impact of a data breach at an avg. of $1.5 million.
This number doesn’t take into account the cost of the lost data, the cost of recovering downed systems, or the PR costs of damage control after a breach. Per the IBM/Ponemon study, this is just the average amount of revenue lost when customers lose trust in a brand and abandon it for a competitor in the aftermath of a data breach. Brand equity helps here, as does being transparent with your customers about the steps being taken.
5. Internal actors are involved in 30% of breaches.
Across all attack vectors, internal actors are involved in a third of data breaches. From mistakenly sending data to the wrong person, mishandling administrator credentials, misconfiguring cloud security settings, or being a willing participant in a malicious attack, both employees and contractors are included in this number. Once again, Verizon’s DBIR highlights the need for solid training routines that cover everything from identifying possible phishing emails and proper credential hygiene to how to spot malware. For business decision-makers, employees are a valuable asset in the fight against data crime. Train them and treat them right, and you can make effective inroads into mitigating such attacks.
6. One study found that at 15% of companies, more than a million files were accessible to every employee of the company.
In one recent study by cybersecurity company Varonis, nearly 1 in 5 responding companies found that every single employee had access to over a million files, including even the most sensitive personal information, no matter their permission level. We’ve talked about knowing what data you’re protecting before: not only do you need to know what the data is, you need to know who has what access to it. With a few exceptions, there aren’t many files that every single employee of a company needs access to. From a business standpoint, the fewer people have access to data, the safer that data is.
7. Cybersecurity incident response plans are missing in 3 out of 4 companies
Should your organization be hit with a data breach, what would your first step be? If you can’t answer that question immediately or with a couple of clicks to locate a process document, you’re one of those three in four businesses cited by Cybint that are not ready for a breach.
Building your data security posture up now will help your business stay ahead of potential threats. And making sure your customers know about the steps you’re taking and why will help maintain the level of trust you’ll need should your company become the target of a breach.
Auth0 provides a platform to authenticate, authorize, and secure access for applications, devices, and users. Security and application teams rely on Auth0s simplicity, extensibility, and expertise to make identity work for everyone. Safeguarding billions of login transactions each month, Auth0 secures identities so innovators can innovate, and empowers global enterprises to deliver trusted, superior digital experiences to their customers around the world.